While we have to use certificates, most applications will create a self-signed certificate. This is not a good practice at all, however. When do you decide to use a certificate authority (CA) server on your own network?

This is a complicated question, but I will share some points that I have learned along the road about when it makes sense to install a local certificate authority. In many situations, people deploy the Windows Active Directory Certificate Services role. Having centralized management with Group Policy is a requirement to scale the reach of the policies to many users and computers. One trick is to deploy certificates through Group Policy, which is especially helpful with device certificates.